This commit is contained in:
Todd C. Miller
2003-03-14 01:24:30 +00:00
parent fc65ea65c8
commit 7aa90a9bb9
3 changed files with 443 additions and 238 deletions


@@ -1,8 +1,41 @@
.\" Automatically generated by Pod::Man version 1.15 .\" Copyright (c) 1994-1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com>
.\" Thu Apr 25 09:34:52 2002 .\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission
.\" from the author.
.\"
.\" 4. Products derived from this software may not be called "Sudo" nor
.\" may "Sudo" appear in their names without specific prior written
.\" permission from the author.
.\"
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $Sudo$
.\" Automatically generated by Pod::Man v1.34, Pod::Parser v1.13
.\" .\"
.\" Standard preamble: .\" Standard preamble:
.\" ====================================================================== .\" ========================================================================
.de Sh \" Subsection heading .de Sh \" Subsection heading
.br .br
.if t .Sp .if t .Sp
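
Review bot: The copyright line added at the top of this hunk ends its range at 2002 ("1994-1996,1998-2002"), while the same commit stamps the page "March 13, 2003" in the .TH line further down; extend the range if the page was substantively changed this year. The licence block also now sits above the "Automatically generated by Pod::Man v1.34" banner, so check that whatever regenerates this file from the POD source re-adds the header instead of overwriting it.
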
@@ -15,12 +48,6 @@
.if t .sp .5v .if t .sp .5v
.if n .sp .if n .sp
.. ..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text .de Vb \" Begin verbatim text
.ft CW .ft CW
.nf .nf
@@ -28,15 +55,14 @@
.. ..
.de Ve \" End verbatim text .de Ve \" End verbatim text
.ft R .ft R
.fi .fi
.. ..
.\" Set up some character translations and predefined strings. \*(-- will .\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a .\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used .\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
.\" to do unbreakable dashes and therefore won't be available. \*(C` and .\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> .\" expand to `' in nroff, nothing in troff, for use with C<>.
.tr \(*W-|\(bv\*(Tr .tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\ .ie n \{\
@@ -56,10 +82,10 @@
. ds R" '' . ds R" ''
'br\} 'br\}
.\" .\"
.\" If the F register is turned on, we'll generate index entries on stderr .\" If the F register is turned on, we'll generate index entries on stderr for
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
.\" index entries marked with X<> in POD. Of course, you'll have to process .\" entries marked with X<> in POD. Of course, you'll have to process the
.\" the output yourself in some meaningful fashion. .\" output yourself in some meaningful fashion.
.if \nF \{\ .if \nF \{\
. de IX . de IX
. tm Index:\\$1\t\\n%\t"\\$2" . tm Index:\\$1\t\\n%\t"\\$2"
@@ -68,14 +94,13 @@
. rr F . rr F
.\} .\}
.\" .\"
.\" For nroff, turn off justification. Always turn off hyphenation; it .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" makes way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.hy 0 .hy 0
.if n .na .if n .na
.\" .\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts. .\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff . \" fudge factors for nroff and troff
.if n \{\ .if n \{\
. ds #H 0 . ds #H 0
@@ -135,18 +160,17 @@
. ds Ae AE . ds Ae AE
.\} .\}
.rm #[ #] #H #V #F C .rm #[ #] #H #V #F C
.\" ====================================================================== .\" ========================================================================
.\" .\"
.IX Title "sudo @mansectsu@" .IX Title "SUDO @mansectsu@"
.TH sudo @mansectsu@ "1.6.6" "April 25, 2002" "MAINTENANCE COMMANDS" .TH SUDO @mansectsu@ "March 13, 2003" "1.6.7" "MAINTENANCE COMMANDS"
.UC
.SH "NAME" .SH "NAME"
sudo \- execute a command as another user sudo \- execute a command as another user
.SH "SYNOPSIS" .SH "SYNOPSIS"
.IX Header "SYNOPSIS" .IX Header "SYNOPSIS"
\&\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR | \&\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR |
[ \fB\-H\fR ] [\fB\-P\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR \fIprompt\fR ] [ \fB\-H\fR ] [\fB\-P\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR \fIprompt\fR ]
[ \fB\-c\fR \fIclass\fR|\fI-\fR ] [ \fB\-a\fR \fIauth_type\fR ] [ \fB\-c\fR \fIclass\fR|\fI\-\fR ] [ \fB\-a\fR \fIauth_type\fR ]
[ \fB\-u\fR \fIusername\fR|\fI#uid\fR ] \fIcommand\fR [ \fB\-u\fR \fIusername\fR|\fI#uid\fR ] \fIcommand\fR
.SH "DESCRIPTION" .SH "DESCRIPTION"
.IX Header "DESCRIPTION" .IX Header "DESCRIPTION"
@@ -183,55 +207,80 @@ or via the \fIsudoers\fR file.
.SH "OPTIONS" .SH "OPTIONS"
.IX Header "OPTIONS" .IX Header "OPTIONS"
\&\fBsudo\fR accepts the following command line options: \&\fBsudo\fR accepts the following command line options:
.Ip "\-V" 4 .IP "\-V" 4
.IX Item "-V" .IX Item "-V"
The \fB\-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the The \fB\-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the
version number and exit. If the invoking user is already root version number and exit. If the invoking user is already root
the \fB\-V\fR option will print out a list of the defaults \fBsudo\fR the \fB\-V\fR option will print out a list of the defaults \fBsudo\fR
was compiled with as well as the machine's local network addresses. was compiled with as well as the machine's local network addresses.
.Ip "\-l" 4 .IP "\-l" 4
.IX Item "-l" .IX Item "-l"
The \fB\-l\fR (\fIlist\fR) option will list out the allowed (and The \fB\-l\fR (\fIlist\fR) option will list out the allowed (and
forbidden) commands for the user on the current host. forbidden) commands for the user on the current host.
.Ip "\-L" 4 .IP "\-L" 4
.IX Item "-L" .IX Item "-L"
The \fB\-L\fR (\fIlist\fR defaults) option will list out the parameters The \fB\-L\fR (\fIlist\fR defaults) option will list out the parameters
that may be set in a \fIDefaults\fR line along with a short description that may be set in a \fIDefaults\fR line along with a short description
for each. This option is useful in conjunction with \fIgrep\fR\|(1). for each. This option is useful in conjunction with \fIgrep\fR\|(1).
.Ip "\-h" 4 .IP "\-h" 4
.IX Item "-h" .IX Item "-h"
The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit. The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit.
.Ip "\-v" 4 .IP "\-v" 4
.IX Item "-v" .IX Item "-v"
If given the \fB\-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the If given the \fB\-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
user's timestamp, prompting for the user's password if necessary. user's timestamp, prompting for the user's password if necessary.
This extends the \fBsudo\fR timeout for another \f(CW\*(C`@timeout@\*(C'\fR minutes This extends the \fBsudo\fR timeout for another \f(CW\*(C`@timeout@\*(C'\fR minutes
(or whatever the timeout is set to in \fIsudoers\fR) but does not run (or whatever the timeout is set to in \fIsudoers\fR) but does not run
a command. a command.
.Ip "\-k" 4 .IP "\-k" 4
.IX Item "-k" .IX Item "-k"
The \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp The \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp
by setting the time on it to the epoch. The next time \fBsudo\fR is by setting the time on it to the epoch. The next time \fBsudo\fR is
run a password will be required. This option does not require a password run a password will be required. This option does not require a password
and was added to allow a user to revoke \fBsudo\fR permissions from a .logout and was added to allow a user to revoke \fBsudo\fR permissions from a .logout
file. file.
.Ip "\-K" 4 .IP "\-K" 4
.IX Item "-K" .IX Item "-K"
The \fB\-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp The \fB\-K\fR (sure \fIkill\fR) option to \fBsudo\fR removes the user's timestamp
entirely. Likewise, this option does not require a password. entirely. Likewise, this option does not require a password.
.Ip "\-b" 4 .IP "\-b" 4
.IX Item "-b" .IX Item "-b"
The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
command in the background. Note that if you use the \fB\-b\fR command in the background. Note that if you use the \fB\-b\fR
option you cannot use shell job control to manipulate the process. option you cannot use shell job control to manipulate the process.
.Ip "\-p" 4 .IP "\-p" 4
.IX Item "-p" .IX Item "-p"
The \fB\-p\fR (\fIprompt\fR) option allows you to override the default The \fB\-p\fR (\fIprompt\fR) option allows you to override the default
password prompt and use a custom one. If the password prompt password prompt and use a custom one. The following percent (`\f(CW\*(C`%\*(C'\fR')
contains the \f(CW\*(C`%u\*(C'\fR escape, \f(CW\*(C`%u\*(C'\fR will be replaced with the user's escapes are supported:
login name. Similarly, \f(CW\*(C`%h\*(C'\fR will be replaced with the local .RS 4
hostname. .ie n .IP "%u" 8
.Ip "\-c" 4 .el .IP "\f(CW%u\fR" 8
.IX Item "%u"
expanded to the invoking user's login name
.ie n .IP "%U" 8
.el .IP "\f(CW%U\fR" 8
.IX Item "%U"
expanded to the login name of the user the command will
be run as (defaults to root)
.ie n .IP "%h" 8
.el .IP "\f(CW%h\fR" 8
.IX Item "%h"
expanded to the local hostname without the domain name
.ie n .IP "%H" 8
.el .IP "\f(CW%H\fR" 8
.IX Item "%H"
expanded to the local hostname including the domain name
(on if the machine's hostname is fully qualified or the \fIfqdn\fR
sudoers option is set)
.ie n .IP "\*(C`%%\*(C'" 8
.el .IP "\f(CW\*(C`%%\*(C'\fR" 8
.IX Item "%%"
two consecutive \f(CW\*(C`%\*(C'\fR characters are collaped into a single \f(CW\*(C`%\*(C'\fR character
.RE
.RS 4
.RE
.IP "\-c" 4
.IX Item "-c" .IX Item "-c"
The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
with resources limited by the specified login class. The \fIclass\fR with resources limited by the specified login class. The \fIclass\fR
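
Review bot: Two wording errors in the new -p escape list: the %% item says consecutive % characters are "collaped" (should be "collapsed"), and the %H item reads "(on if the machine's hostname is fully qualified ...", which looks like it was meant to be "(only if". The empty ".RS 4" / ".RE" pair after the list also suggests a stray =over/=back in the POD source; fix all three in the POD and regenerate, not by hand in this file.
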
@@ -242,44 +291,44 @@ capabilities for the user the command is run as. If the \fIclass\fR
argument specifies an existing user class, the command must be run argument specifies an existing user class, the command must be run
as root, or the \fBsudo\fR command must be run from a shell that is already as root, or the \fBsudo\fR command must be run from a shell that is already
root. This option is only available on systems with \s-1BSD\s0 login classes root. This option is only available on systems with \s-1BSD\s0 login classes
where \fBsudo\fR has been configured with the \-\-with-logincap option. where \fBsudo\fR has been configured with the \-\-with\-logincap option.
.Ip "\-a" 4 .IP "\-a" 4
.IX Item "-a" .IX Item "-a"
The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the
specified authentication type when validating the user, as allowed specified authentication type when validating the user, as allowed
by /etc/login.conf. The system administrator may specify a list by /etc/login.conf. The system administrator may specify a list
of sudo-specific authentication methods by adding an \*(L"auth-sudo\*(R" of sudo-specific authentication methods by adding an \*(L"auth\-sudo\*(R"
entry in /etc/login.conf. This option is only available on systems entry in /etc/login.conf. This option is only available on systems
that support \s-1BSD\s0 authentication where \fBsudo\fR has been configured that support \s-1BSD\s0 authentication where \fBsudo\fR has been configured
with the \-\-with-bsdauth option. with the \-\-with\-bsdauth option.
.Ip "\-u" 4 .IP "\-u" 4
.IX Item "-u" .IX Item "-u"
The \fB\-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command The \fB\-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified command
as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a
\&\fIusername\fR, use \fI#uid\fR. \&\fIusername\fR, use \fI#uid\fR.
.Ip "\-s" 4 .IP "\-s" 4
.IX Item "-s" .IX Item "-s"
The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR
environment variable if it is set or the shell as specified environment variable if it is set or the shell as specified
in \fIpasswd\fR\|(@mansectform@). in \fIpasswd\fR\|(@mansectform@).
.Ip "\-H" 4 .IP "\-H" 4
.IX Item "-H" .IX Item "-H"
The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \f(CW\*(C`HOME\*(C'\fR environment variable The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \f(CW\*(C`HOME\*(C'\fR environment variable
to the homedir of the target user (root by default) as specified to the homedir of the target user (root by default) as specified
in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \f(CW\*(C`HOME\*(C'\fR. in \fIpasswd\fR\|(@mansectform@). By default, \fBsudo\fR does not modify \f(CW\*(C`HOME\*(C'\fR.
.Ip "\-P" 4 .IP "\-P" 4
.IX Item "-P" .IX Item "-P"
The \fB\-P\fR (\fIpreserve group vector\fR) option causes \fBsudo\fR to preserve The \fB\-P\fR (\fIpreserve group vector\fR) option causes \fBsudo\fR to preserve
the user's group vector unaltered. By default, \fBsudo\fR will initialize the user's group vector unaltered. By default, \fBsudo\fR will initialize
the group vector to the list of groups the target user is in. the group vector to the list of groups the target user is in.
The real and effective group IDs, however, are still set to match The real and effective group IDs, however, are still set to match
the target user. the target user.
.Ip "\-S" 4 .IP "\-S" 4
.IX Item "-S" .IX Item "-S"
The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
standard input instead of the terminal device. standard input instead of the terminal device.
.Ip "\-\-" 4 .IP "\-\-" 4
The \fB\--\fR flag indicates that \fBsudo\fR should stop processing command The \fB\-\-\fR flag indicates that \fBsudo\fR should stop processing command
line arguments. It is most useful in conjunction with the \fB\-s\fR flag. line arguments. It is most useful in conjunction with the \fB\-s\fR flag.
.SH "RETURN VALUES" .SH "RETURN VALUES"
.IX Header "RETURN VALUES" .IX Header "RETURN VALUES"
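
Review bot: The -u item tells the reader to pass #uid but does not mention that # starts a comment in many shells, so an unquoted "sudo -u #uid command" can lose the uid and everything after it before sudo ever sees the arguments. Since this hunk already rewrites the item's macro, add a sentence saying the # usually has to be escaped or quoted.
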
@@ -302,7 +351,7 @@ unreachable.
\&\fBsudo\fR tries to be safe when executing external commands. Variables \&\fBsudo\fR tries to be safe when executing external commands. Variables
that control how dynamic loading and binding is done can be used that control how dynamic loading and binding is done can be used
to subvert the program that \fBsudo\fR runs. To combat this the to subvert the program that \fBsudo\fR runs. To combat this the
\&\f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`_RLD_*\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR (\s-1HP-UX\s0 only), and \f(CW\*(C`LIBPATH\*(C'\fR (\s-1AIX\s0 \&\f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`_RLD_*\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR (\s-1HP\-UX\s0 only), and \f(CW\*(C`LIBPATH\*(C'\fR (\s-1AIX\s0
only) environment variables are removed from the environment passed only) environment variables are removed from the environment passed
on to all commands executed. \fBsudo\fR will also remove the \f(CW\*(C`IFS\*(C'\fR, on to all commands executed. \fBsudo\fR will also remove the \f(CW\*(C`IFS\*(C'\fR,
\&\f(CW\*(C`ENV\*(C'\fR, \f(CW\*(C`BASH_ENV\*(C'\fR, \f(CW\*(C`KRB_CONF\*(C'\fR, \f(CW\*(C`KRBCONFDIR\*(C'\fR, \f(CW\*(C`KRBTKFILE\*(C'\fR, \&\f(CW\*(C`ENV\*(C'\fR, \f(CW\*(C`BASH_ENV\*(C'\fR, \f(CW\*(C`KRB_CONF\*(C'\fR, \f(CW\*(C`KRBCONFDIR\*(C'\fR, \f(CW\*(C`KRBTKFILE\*(C'\fR,
@@ -357,7 +406,7 @@ subsequent commands run from that shell will \fInot\fR be logged, nor
will \fBsudo\fR's access control affect them. The same is true for will \fBsudo\fR's access control affect them. The same is true for
commands that offer shell escapes (including most editors). Because commands that offer shell escapes (including most editors). Because
of this, care must be taken when giving users access to commands of this, care must be taken when giving users access to commands
via \fBsudo\fR to verify that the command does not inadvertantly give via \fBsudo\fR to verify that the command does not inadvertently give
the user an effective root shell. the user an effective root shell.
.SH "EXAMPLES" .SH "EXAMPLES"
.IX Header "EXAMPLES" .IX Header "EXAMPLES"
@@ -368,22 +417,26 @@ To get a file listing of an unreadable directory:
.Vb 1 .Vb 1
\& % sudo ls /usr/local/protected \& % sudo ls /usr/local/protected
.Ve .Ve
.PP
To list the home directory of user yazza on a machine where the To list the home directory of user yazza on a machine where the
filesystem holding ~yazza is not exported as root: filesystem holding ~yazza is not exported as root:
.PP .PP
.Vb 1 .Vb 1
\& % sudo -u yazza ls ~yazza \& % sudo -u yazza ls ~yazza
.Ve .Ve
.PP
To edit the \fIindex.html\fR file as user www: To edit the \fIindex.html\fR file as user www:
.PP .PP
.Vb 1 .Vb 1
\& % sudo -u www vi ~www/htdocs/index.html \& % sudo -u www vi ~www/htdocs/index.html
.Ve .Ve
.PP
To shutdown a machine: To shutdown a machine:
.PP .PP
.Vb 1 .Vb 1
\& % sudo shutdown -r +15 "quick reboot" \& % sudo shutdown -r +15 "quick reboot"
.Ve .Ve
.PP
To make a usage listing of the directories in the /home To make a usage listing of the directories in the /home
partition. Note that this runs the commands in a sub-shell partition. Note that this runs the commands in a sub-shell
to make the \f(CW\*(C`cd\*(C'\fR and file redirection work. to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
@@ -425,6 +478,7 @@ version consists of code written primarily by:
\& Todd Miller \& Todd Miller
\& Chris Jepeway \& Chris Jepeway
.Ve .Ve
.PP
See the \s-1HISTORY\s0 file in the \fBsudo\fR distribution or visit See the \s-1HISTORY\s0 file in the \fBsudo\fR distribution or visit
http://www.sudo.ws/sudo/history.html for a short history http://www.sudo.ws/sudo/history.html for a short history
of \fBsudo\fR. of \fBsudo\fR.
@@ -453,4 +507,4 @@ that make setuid shell scripts unsafe on some operating systems
are generally safe). are generally safe).
.SH "SEE ALSO" .SH "SEE ALSO"
.IX Header "SEE ALSO" .IX Header "SEE ALSO"
\&\fIstat\fR\|(2), \fIlogin_cap\fR\|(3), \fIsudoers\fR\|(@mansectform@), \fIpasswd\fR\|(5), \fIvisudo\fR\|(@mansectsu@), \fIgrep\fR\|(1), \fIsu\fR\|(1). \&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2), \fIlogin_cap\fR\|(3), \fIsudoers\fR\|(@mansectform@), \fIpasswd\fR\|(5), \fIvisudo\fR\|(@mansectsu@)

File diff suppressed because it is too large


@@ -1,8 +1,41 @@
.\" Automatically generated by Pod::Man version 1.15 .\" Copyright (c) 1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com>
.\" Thu Apr 25 09:34:54 2002 .\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission
.\" from the author.
.\"
.\" 4. Products derived from this software may not be called "Sudo" nor
.\" may "Sudo" appear in their names without specific prior written
.\" permission from the author.
.\"
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $Sudo$
.\" Automatically generated by Pod::Man v1.34, Pod::Parser v1.13
.\" .\"
.\" Standard preamble: .\" Standard preamble:
.\" ====================================================================== .\" ========================================================================
.de Sh \" Subsection heading .de Sh \" Subsection heading
.br .br
.if t .Sp .if t .Sp
@@ -15,12 +48,6 @@
.if t .sp .5v .if t .sp .5v
.if n .sp .if n .sp
.. ..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text .de Vb \" Begin verbatim text
.ft CW .ft CW
.nf .nf
@@ -28,15 +55,14 @@
.. ..
.de Ve \" End verbatim text .de Ve \" End verbatim text
.ft R .ft R
.fi .fi
.. ..
.\" Set up some character translations and predefined strings. \*(-- will .\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a .\" double quote, and \*(R" will give a right double quote. | will give a
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used .\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
.\" to do unbreakable dashes and therefore won't be available. \*(C` and .\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> .\" expand to `' in nroff, nothing in troff, for use with C<>.
.tr \(*W-|\(bv\*(Tr .tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\ .ie n \{\
@@ -56,10 +82,10 @@
. ds R" '' . ds R" ''
'br\} 'br\}
.\" .\"
.\" If the F register is turned on, we'll generate index entries on stderr .\" If the F register is turned on, we'll generate index entries on stderr for
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
.\" index entries marked with X<> in POD. Of course, you'll have to process .\" entries marked with X<> in POD. Of course, you'll have to process the
.\" the output yourself in some meaningful fashion. .\" output yourself in some meaningful fashion.
.if \nF \{\ .if \nF \{\
. de IX . de IX
. tm Index:\\$1\t\\n%\t"\\$2" . tm Index:\\$1\t\\n%\t"\\$2"
@@ -68,14 +94,13 @@
. rr F . rr F
.\} .\}
.\" .\"
.\" For nroff, turn off justification. Always turn off hyphenation; it .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" makes way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.hy 0 .hy 0
.if n .na .if n .na
.\" .\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts. .\" Fear. Run. Save yourself. No user-serviceable parts.
.bd B 3
. \" fudge factors for nroff and troff . \" fudge factors for nroff and troff
.if n \{\ .if n \{\
. ds #H 0 . ds #H 0
@@ -135,11 +160,10 @@
. ds Ae AE . ds Ae AE
.\} .\}
.rm #[ #] #H #V #F C .rm #[ #] #H #V #F C
.\" ====================================================================== .\" ========================================================================
.\" .\"
.IX Title "visudo @mansectsu@" .IX Title "VISUDO @mansectsu@"
.TH visudo @mansectsu@ "1.6.6" "April 25, 2002" "MAINTENANCE COMMANDS" .TH VISUDO @mansectsu@ "March 13, 2003" "1.6.7" "MAINTENANCE COMMANDS"
.UC
.SH "NAME" .SH "NAME"
visudo \- edit the sudoers file visudo \- edit the sudoers file
.SH "SYNOPSIS" .SH "SYNOPSIS"
@@ -159,7 +183,7 @@ at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR
your system, as determined by the \fIconfigure\fR script. Normally, your system, as determined by the \fIconfigure\fR script. Normally,
\&\fBvisudo\fR does not honor the \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR environment \&\fBvisudo\fR does not honor the \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR environment
variables unless they contain an editor in the aforementioned editors variables unless they contain an editor in the aforementioned editors
list. However, if \fBvisudo\fR is configured with the \fI\*(--with-enveditor\fR list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-enveditor\fR
flag or the \fIenveditor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR, flag or the \fIenveditor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR,
\&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR. \&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR.
Note that this can be a security hole since it allows the user to Note that this can be a security hole since it allows the user to
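
Review bot: The configure flag is spelled "--with-enveditor" in this paragraph but "--with-env-editor" in the ENVIRONMENT section changed later in this file; only one of them can be what configure accepts, so make the two agree. The following sentence ("will use any the editor defines by") is also garbled and worth rewording in the POD source, since it documents the setting this same paragraph calls a security hole.
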
@@ -167,7 +191,7 @@ execute any program they wish simply by setting \f(CW\*(C`EDITOR\*(C'\fR or \f(C
.PP .PP
\&\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will \&\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will
not save the changes if there is a syntax error. Upon finding not save the changes if there is a syntax error. Upon finding
an error, \fBvisudo\fR will print a message stating the line \fInumber\fR\|(s) an error, \fBvisudo\fR will print a message stating the line number(s)
where the error occurred and the user will receive the where the error occurred and the user will receive the
\&\*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R" \&\*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R"
to re-edit the \fIsudoers\fR file, \*(L"x\*(R" to exit without to re-edit the \fIsudoers\fR file, \*(L"x\*(R" to exit without
@@ -181,7 +205,7 @@ error occurred (if the editor supports this feature).
.SH "OPTIONS" .SH "OPTIONS"
.IX Header "OPTIONS" .IX Header "OPTIONS"
\&\fBvisudo\fR accepts the following command line options: \&\fBvisudo\fR accepts the following command line options:
.Ip "\-c" 4 .IP "\-c" 4
.IX Item "-c" .IX Item "-c"
Enable \fBcheck-only\fR mode. The existing \fIsudoers\fR file will be Enable \fBcheck-only\fR mode. The existing \fIsudoers\fR file will be
checked for syntax and a message will be printed to the checked for syntax and a message will be printed to the
@@ -189,40 +213,40 @@ standard output detailing the status of \fIsudoers\fR.
If the syntax check completes successfully, \fBvisudo\fR will If the syntax check completes successfully, \fBvisudo\fR will
exit with a value of 0. If a syntax error is encountered, exit with a value of 0. If a syntax error is encountered,
\&\fBvisudo\fR will exit with a value of 1. \&\fBvisudo\fR will exit with a value of 1.
.Ip "\-f" 4 .IP "\-f" 4
.IX Item "-f" .IX Item "-f"
Specify and alternate \fIsudoers\fR file location. With this option Specify and alternate \fIsudoers\fR file location. With this option
\&\fBvisudo\fR will edit (or check) the \fIsudoers\fR file of your choice, \&\fBvisudo\fR will edit (or check) the \fIsudoers\fR file of your choice,
instead of the default, \f(CW@sysconfdir\fR@/sudoers. The lock file used instead of the default, \f(CW@sysconfdir\fR@/sudoers. The lock file used
is the specified \fIsudoers\fR file with \*(L".tmp\*(R" appended to it. is the specified \fIsudoers\fR file with \*(L".tmp\*(R" appended to it.
.Ip "\-q" 4 .IP "\-q" 4
.IX Item "-q" .IX Item "-q"
Enable \fBquiet\fR mode. In this mode details about syntax errors Enable \fBquiet\fR mode. In this mode details about syntax errors
are not printed. This option is only useful when combined with are not printed. This option is only useful when combined with
the \fB\-c\fR flag. the \fB\-c\fR flag.
.Ip "\-s" 4 .IP "\-s" 4
.IX Item "-s" .IX Item "-s"
Enable \fBstrict\fR checking of the \fIsudoers\fR file. If an alias is Enable \fBstrict\fR checking of the \fIsudoers\fR file. If an alias is
used before it is defined, \fBvisudo\fR will consider this a parse used before it is defined, \fBvisudo\fR will consider this a parse
error. Note that it is not possible to differentiate between an error. Note that it is not possible to differentiate between an
alias and a hostname or username that consists solely of uppercase alias and a hostname or username that consists solely of uppercase
letters, digits, and the underscore ('_') character. letters, digits, and the underscore ('_') character.
.Ip "\-V" 4 .IP "\-V" 4
.IX Item "-V" .IX Item "-V"
The \fB\-V\fR (version) option causes \fBvisudo\fR to print its version number The \fB\-V\fR (version) option causes \fBvisudo\fR to print its version number
and exit. and exit.
.SH "ERRORS" .SH "ERRORS"
.IX Header "ERRORS" .IX Header "ERRORS"
.Ip "sudoers file busy, try again later." 4 .IP "sudoers file busy, try again later." 4
.IX Item "sudoers file busy, try again later." .IX Item "sudoers file busy, try again later."
Someone else is currently editing the \fIsudoers\fR file. Someone else is currently editing the \fIsudoers\fR file.
.Ip "@sysconfdir@/sudoers.tmp: Permission denied" 4 .IP "@sysconfdir@/sudoers.tmp: Permission denied" 4
.IX Item "@sysconfdir@/sudoers.tmp: Permission denied" .IX Item "@sysconfdir@/sudoers.tmp: Permission denied"
You didn't run \fBvisudo\fR as root. You didn't run \fBvisudo\fR as root.
.Ip "Can't find you in the passwd database" 4 .IP "Can't find you in the passwd database" 4
.IX Item "Can't find you in the passwd database" .IX Item "Can't find you in the passwd database"
Your userid does not appear in the system passwd file. Your userid does not appear in the system passwd file.
.Ip "Warning: undeclared Alias referenced near ..." 4 .IP "Warning: undeclared Alias referenced near ..." 4
.IX Item "Warning: undeclared Alias referenced near ..." .IX Item "Warning: undeclared Alias referenced near ..."
Either you are using a {User,Runas,Host,Cmnd}_Alias before Either you are using a {User,Runas,Host,Cmnd}_Alias before
defining it or you have a user or hostname listed that defining it or you have a user or hostname listed that
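
Review bot: In the -f item the default path is written "\f(CW@sysconfdir\fR@/sudoers", with the font reset inside the @sysconfdir@ token, so a configure-time substitution of @sysconfdir@ will not match it and the rendered page shows the literal placeholder; move the \fR after the closing @. The same item opens with "Specify and alternate", which should be "Specify an alternate".
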
@@ -233,7 +257,7 @@ mode these are errors, not warnings.
.SH "ENVIRONMENT" .SH "ENVIRONMENT"
.IX Header "ENVIRONMENT" .IX Header "ENVIRONMENT"
The following environment variables are used only if \fBvisudo\fR The following environment variables are used only if \fBvisudo\fR
was configured with the \fI\*(--with-env-editor\fR option: was configured with the \fI\-\-with\-env\-editor\fR option:
.PP .PP
.Vb 2 .Vb 2
\& EDITOR Invoked by visudo as the editor to use \& EDITOR Invoked by visudo as the editor to use
@@ -253,6 +277,7 @@ Many people have worked on \fIsudo\fR over the years; this version of
.Vb 1 .Vb 1
\& Todd Miller <Todd.Miller@courtesan.com> \& Todd Miller <Todd.Miller@courtesan.com>
.Ve .Ve
.PP
See the \s-1HISTORY\s0 file in the sudo distribution or visit See the \s-1HISTORY\s0 file in the sudo distribution or visit
http://www.sudo.ws/sudo/history.html for more details. http://www.sudo.ws/sudo/history.html for more details.
.SH "BUGS" .SH "BUGS"
@@ -271,4 +296,4 @@ There is no easy way to prevent a user from gaining a root shell if
the editor used by \fBvisudo\fR allows shell escapes. the editor used by \fBvisudo\fR allows shell escapes.
.SH "SEE ALSO" .SH "SEE ALSO"
.IX Header "SEE ALSO" .IX Header "SEE ALSO"
\&\fIvi\fR\|(1), \fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(8). \&\fIvi\fR\|(1), \fIsudoers\fR\|(@mansectform@), \fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(8)